On Wed, 2012-11-07 at 16:46 +0000, Jan Beulich wrote: > Header length should be validated for all ACPI tables before accessing > any non-header field. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > --- > arch/x86/platform/efi/efi-bgrt.c | 2 ++ > 1 file changed, 2 insertions(+) > > --- 3.7-rc4/arch/x86/platform/efi/efi-bgrt.c > +++ 3.7-rc4-x86-EFI-BGRT-checks/arch/x86/platform/efi/efi-bgrt.c > @@ -39,6 +39,8 @@ void efi_bgrt_init(void) > if (ACPI_FAILURE(status)) > return; > > + if (bgrt_tab->header.length < sizeof(*bgrt_tab)) > + return; > if (bgrt_tab->version != 1) > return; > if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address) Guys, do you want me to take this into the efi tree? Jan, have you see machines that actually trip up without this check? I'm trying to gauge the urgency of this patch. -- Matt Fleming, Intel Open Source Technology Center -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
